On Mon, 2006-05-29 at 20:06, Radovan Janecek wrote:
> Hm, you are talking about next level of policy-based security
> ecosystem. But securing web services is possible today and it's
> nothing hard. At least, not much harder than any other application
> available via network.
It's that "not much harder than any other application available via
network" part I was referring to. You're right, the specs are there and
it certainly is possible to implement secure Web services, but I'm
actually talking about implementing security beyond using something like
WS-Policy to define it (or any other policy specification mechanism).
Apologies if this didn't come across in the first message.
> Let's not make the problem bigger than it really is.
I know what you're saying, but I think the problem *is* currently pretty
big, and I would hate to have people who click the "make secure" box
when they auto-generate their WSDL service interface and data bindings
think that means they have a secure service. It just isn't true.
Implementing a secure anything is pretty hard to do properly unless it
isn't connected to a network and doesn't have any users or data.
As you say, Web services are the same as any other network application,
but the industry doesn't have a terribly good track record in making
secure network applications. It has taken a serious, multi-year effort
for Microsoft to change the way they write code to be more conscious of
security and consider it in all elements of the software lifecycle. I
think Microsoft is actually leading the pack in terms of large software
vendors getting serious about the problem.
Until everyone considers security at every step of delivering software,
security will remain an issue, and the only way it won't be hard anymore
is the same way riding a bicycle isn't hard after you've been doing it
for a few years. I don't think we're there yet, and that's why I made
the comment I did earlier.
Cheers,
ast
